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1 . This action is in response to the communication filed on August 16, 2004. 

Begin Action Dated May 14, 2004 

2. Claims 1-57 have been examined. 

Title 

3. The title of the invention is acceptable. 

Priority 

4. No claim for priority has been made for this application. 

5. The effective filing date for the subject matter defined in the pending claims in this 
application is 12/20/2000. 

Information Disclosure Statement 

6. The information disclosure statement (IDS) submitted on May 30, 2001 is in compliance 
with the provisions of 37 CFR 1.97. Accordingly, the examiner is considering the information 
disclosure statement. 

Drawings 

7. The drawings filed on July 12, 2001 are acceptable for examination proceedings. 

Specification 

8. The abstract of the disclosure is objected to for the following reasons: 

The phrase "is provided" of line 1 can be implied and therefore must be removed. 
The title of the invention listed at the top of the abstract is not in accordance with 
Title 37 C.F.R. 1.72 and therefore must be removed. 
Correction is required. See MPEP § 608.01(b). 

9. The disclosure is objected to because of the following informalities: 
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Page 6 Line 17 recites "O Of course," which is grammatically incorrect. 
Appropriate correction is required. 

10. The appHcant is advised to check for other spelling and grammatical errors throughout 
the specification. Applicant's cooperation is requested in correcting any errors of which 
applicant may become aware in the specification. 

Claim Rejections - 35 USC §102 

11. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in tliis or a 
foreign country or in public use or on sale in this country, more than one year 
prior to the date of application for patent in the United States. 

12. Claims 1-14, 20-33, 39-52 rejected under 35 U.S.C. 102(b) as being anticipated by He 
(U.S. Patent 5,944,824) hereinafter referred to as He. 

13. Claim 1 recites changing the SSO password in response to receiving a change instruction. 
He disclosed a programmed method and system for changing passwords in a Single Sign-On 
(SSO) environment (See He Col. 13 Paragraphs 3-7). He disclosed that in response to a request 
to modify a user account (See He Col. 13 Lines 12-13) a new password is generated (See He Col. 
13 Lines 20-22) and the old password is set to the new password (See He Col. 13 Lines 43-45). 

Claim 1 further recites retrieving and modifying a target password. He disclosed 
retrieving the target password (See He Col. 13 Lines 22-25). He Further disclosed changing a 
target NE password to the specified new password (See He Col. 13 Lines 31-35). 
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14. Regarding claims 2-4, He disclosed providing the modified password target password to 
the network element, or client (See He Col. 10 Paragraphs 2-3). It is inherent that the password 
was first stored in order for it to have been provided in the ticket, as is specified by He (See He 
Col. 10 Lines 16-21). 

15. Regarding claims 5, 8-9, He disclosed password generation by a random number 
generator or by manually entering the password (See He Col. 13 Paragraph 4). Because this task 
was carried out by the network security administrator (See He Col. 13 Paragraph 3), it was 
inherent that a menu was provided such that the password generation method could be chosen. 

16. Regarding claims 6-7, He disclosed users using one password for multiple applications 
(See He Col. 1 Paragraph 5). 

17. Regarding claim 10, He disclosed random password generation being performed in a 
server (See He Col. 1 1 Lines 40-41). 

18. Regarding claim 1 1, He disclosed the use of password policy in generating the random 
passwords (See He Col. 12 Paragraph 2). It is inherent that the password policy was determined 
in order for it to have been used. 

19. Regarding claim 12-14, He disclosed different types of passwords. He disclosed standard 
user passwords (See He Col 1 1 Paragraph 2), network element passwords (See He Col. 8 
Paragraph 8), and Super-User passwords (See He Col. 8 Paragraph 8). It was inherent that each 
of these groups had some sort of password policy to be checked against (See He Col. 12 
Paragraph 2). 

20. Regarding claims 20-33, He disclosed a programmed method and system for changing 
passwords in a Single Sign-On (SSO) environment (See He Claims 1 and 5), Because He 
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claimed a programmed method to be run in a network, it was inherent that the method comprised 
a computer program product in computer readable media. Claims 20-33 are therefore rejected 
for the same reasons as applied to claims 1-14 above. 

21. Regarding claims 39-52, He disclosed a programmed method and system for changing 
passwords in a Single Sign-On (SSO) environment (See He Claims 1 and 5). Claims 39-52 are 
therefore rejected for the same reasons as applied to claims 1-14 above. 

Claim Rejections - 35 USC §103 

22. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed 
or described as set forth in section 102 of this title, if the differences between the 
subject matter sought to be patented and the prior art are such that the subject 
matter as a whole would have been obvious at the time the invention was made 
to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was 
made. 

23. Claims 15, 34, and 53 rejected under 35 U.S.C. 103(a) as being unpatentable over He as 
applied to claims 5, 24, and 43 respectively above, and further in view of Redpath (U.S. Patent 
5,854,629) hereinafter referred to as Redpath. 

He disclosed password generation by a random number generator or by manually 
entering the password (See He Col. 13 Paragraph 4). However, He failed to disclose the use of a 
Graphical User Interface (GUI) for implementing this selection. 

Redpath teaches the GUIs were created in order to simplify interaction with computer 
programs for end users of computer programs, such that end users do not need to know specific 
commands in order to effectively use the computer program (See Redpath Col. 1 Paragraph 2). 
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It would have been obvious to the ordinary person skilled in the art at the time of 
invention to employ the teachings of Redpath in the invention of He such that the user is 
supplied a GUI menu in order to select a password generation method. This would have been 
obvious because the ordinary person skilled in the art would have been motivated to provide a 
simple interface for the user to interact with the password-changing program. 

24. Claims 16, 35, and 54 rejected under 35 U.S.C. 103(a) as being unpatentable over He as 
applied to claims 1, 20, and 39 respectively above, and further in view of Prafullchandra (U.S. 
Patent 5,734,718) hereinafter referred to as Prafullchandra. 

He disclosed retrieving and changing target passwords (See He Col 13 Paragraphs 3-7), 
but He failed to disclose a change target password policy. However, He did disclose that having 
different administrative policies in individual network elements can be problematic (See He Col. 
1 Paragraph 5). 

Prafullchandra teaches that requiring users to change passwords at predetermined 
intervals can enhance system security (See Prafullchandra Col. 2 Paragraph 3). 

It would have been obvious to the ordinary person skilled in the art at the time of the 
invention to employ the password aging and changing policy of Prafullchandra to the password 
changing system and method of He. This would have been obvious because the ordinary person 
skilled in the art would have been motivated to enhance the security in the network of He. 

25. Claims 17-19, 36-38, 55-57 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over the combination of He and Prafullchandra as applied to 16, 35, and 54 respectively above. 

He disclosed different types of passwords. He disclosed standard user passwords (See He 

Col. 1 1 Paragraph 2), network element passwords (See He Col. 8 Paragraph 8), and Super-User 
passwords (See He Col. 8 Paragraph 8). 
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It would have been obvious to the ordinary person skilled in the art at the time of 
invention to employ the aging policy of Prafiillchandra to all the types of passwords of He. This 
would have been obvious because the ordinary person skilled in the art would have been 
motivated to enhance the security of all the passwords, regardless of their type. 



Conclusion 

26, The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure, 

a. Limsico (U.S. Patent 5,793,952) disclosed a secure remote password graphic 
interface with the ability to change passwords. 

b. Anderson et al. (U.S. Patent 6,144,959) disclosed a method for managing user 
accounts in a distributed network. 

c. Olkin (U.S. Patent 5,768,503) disclosed a middleware authentication and security 
mechanism. 

d. Dare et al. (U.S. Patent 5,684,950) disclosed a method of authentication via SSO. 

e. Cohen et al. (U.S. Patent 6,178,511) disclosed an SSO mechanism for 
coordinating user target logons. 

f Birnbaum (U.S. Patent 5,797,128) disclosed a hierarchical policy for computer 
system administration. 

g. Fang et al. (U.S. Patent 6,243,816) disclosed a SSO key manager. 

End Action Dated may 14, 2004 
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Response to Amendment 
Priority 

27. As noted in the response by applicant dated August 16, 2004, the effective filing date for 
the subject matter defined in the pending claims in this application is 12/18/2000. 

Specification 

28. In response to applicant's amendments, the objections to the specification are withdrawn. 

29. Response Page 2 recites an amended paragraph replacement from Page 6 Line 15 - Page 
16 Line 29, which is believed to be a mistake and will be taken to mean Page 6 Line 15 - Page 6 
Line 29. 

Response to Arguments 

30. Applicant traverses primarily that He did not disclose a change instruction identifying a 
first SSO password, changing the first SSO password to create a second SSO password, and 
modifying a target password, in a user selected manner, to match the second SSO password to 
create a modified target password. Applicant traverses that He did not disclose changing a SSO 
password at all, but instead changing a super user password. 

3 1 . The examiner has considered all of the arguments set forth by the applicant, and 
respectfully maintains the rejection of claims 1-57 set forth in the first action on the merits, dated 
May 14, 2004. 

32. Regarding the argument that He does not disclose changing SSO passwords. He disclosed 
that at least one super user has SSO capability (See He Col. 8 Lines 47-49). If the super user was 
a SSO super user, then changing the passwords of the super user, as disclosed in Col. 13 
Paragraphs 3-7, must have involved changing SSO passwords, as specifically discussed below. 
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33. Regarding the arguments against the rejections of claims 1, 20, and 39, He disclosed a 
method in a data processing system for changing a plurality of target passwords in a single sign- 
on environment (See He Col 13 Paragraphs 3-7), comprising the steps of 

in response to receiving a change instruction (See He Col. 13 Lines 26-28 wherein, 
although not specifically called a change instruction, it is implied that this message is a change 
instruction by sending a current password, and a new password, and by which in response to 
receiving this message the password of the Super-User is changed) identifying a first single sign- 
on password (See He Col. 13 Lines 27-28 wherein the message identifies the present password, 
which constitutes the first- SSO password), changing the first single sign-on password to create a 
second single sign-on password (See He Col. 13 Lines 34-35 wherein "a new one" constituted 
the second SSO password to which the present password was changed); 

retrieving a target password (See He Col. 13 Lines 22-25 wherein the Super user present 
password is retrieved); 

and modifying the target password in a user selected manner to match the second single 
sign-on password to create a modified target password (See He Col. 13 Lines 38-39 wherein in 
the present password in the retrieved record was modified to match the new password. 
Ahhough, He did not specifically disclose a "modified target password", after the present 
password was changed to match the new password, it constituted a modified present password 
because it was different than it was when the process started. Also, in Col. 13 Lines 20-22, He 
disclosed that new passwords could be generated manually, which constitutes a user-defined 
manner.) 
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34. The examiner maintains the rejections of 2-14, 21-33, and 42-52 as being anticipated by 
He as discussed in the examiner's action dated May 14, 2004, due to the examiner's response to 
the apphcants arguments against claims 1, 29, and 39. 

35. The examiner maintains the rejections of claims 15, 34, and 53 as being obvious over He 
in view of Redpath as discussed in the examiner's action dated May 14, 2004, due to the 
examiner's response to the applicant's arguments against claims 1, 29, and 39. 

36. The examiner maintains the rejections of claims 16, 35, and 54 as being obvious over He 
in view of Prafullchandra as discussed in the examiner's action dated May 14, 2004, due to the 
examiner's response to the applicant's arguments against claims 1, 29, and 39. 

37. The examiner maintains the rejections of claims 17-19, 36-38, and 55-57 as being 
obvious over He in view of Prafullchandra as discussed in the examiner's action dated May 14, 
2004, due to the examiner's response to the applicant's arguments against claims 1, 29, and 39. 

Conclusion 

38. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
poHcy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1 .136(a) will be calculated fi"om the mailing date of the advisory action. In no event. 



r 
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however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 

39. Any inquiry concerning this communication should be directed to Matthew Henning 
whose telephone number is (703) 305-0713. The examiner can normally be reached Monday- 
Friday from 9am to 4pm, EST. 

40. If attempts to reach examiner by telephone are unsuccessful, the examiner's acting 
supervisor, Ayaz Sheikh, can be reached at (703) 305-9648. The fax phone number for this 
group is (703) 305-3718. 

41 . Any inquiry of general nature or relating to the status of this application or proceeding 
should be directed to the Group receptionist whose telephone number is (703) 305-3900. 



Matthew Henning 
Assistant Examiner 
Art Unit 2131 
11/15/04 




/ AYAZ SHEIKH 
SUPERVISORY PATENT EXAWiMER 
TECHNOLOGY CENTER 2100 




